rlogin man page on SmartOS

Man page or keyword search:  
man Server   16655 pages
apropos Keyword Search (all sections)
Output format
SmartOS logo
[printable version]

RLOGIN(1)							     RLOGIN(1)

NAME
       rlogin - remote login

SYNOPSIS
       rlogin [-8EL] [-ec ] [-A] [-K] [-x] [-PN | -PO] [-f | -F] [-a]
	    [-l username] [-k realm] hostname

DESCRIPTION
       The  rlogin utility establishes a remote login session from your termi‐
       nal to the remote machine named hostname. The user can choose  to  ker‐
       berize  the  rlogin session using Kerberos V5 and also protect the data
       being transferred.

       Hostnames are listed in the hosts database, which can be	 contained  in
       the  /etc/hosts	file, the Network Information Service (NIS) hosts map,
       the Internet domain name server, or a combination of these.  Each  host
       has  one	 official  name	 (the  first  name in the database entry), and
       optionally one or more nicknames. Either official  hostnames  or	 nick‐
       names can be specified in hostname.

       The user can opt for a secure rlogin session which uses Kerberos V5 for
       authentication. Encryption of the session data is  also	possible.  The
       rlogin  session	can  be kerberized using any of the following Kerberos
       specific options: -A, -PN or -PO, -x, -f or -F, and -k realm.  Some  of
       these  options (-A, -x, -PN or -PO, and -f or -F) can also be specified
       in the [appdefaults]  section  of  krb5.conf(4).	 The  usage  of	 these
       options	and  the expected behavior is discussed in the OPTIONS section
       below. If Kerberos authentication is used, authorization to the account
       is  controlled  through rules in krb5_auth_rules(5). If this authoriza‐
       tion fails, fallback to normal rlogin using rhosts occurs only  if  the
       -PO  option  is	used explicitly on the command line or is specified in
       krb5.conf(4). Also notice that the -PN or -PO, -x, -f  or  -F,  and  -k
       realm options are just supersets of the -A option.

       The  remote  terminal  type is the same as your local terminal type, as
       given in your environment TERM variable. The terminal or window size is
       also  copied  to	 the  remote system if the server supports the option.
       Changes in size are reflected as well. All echoing takes place  at  the
       remote  site, so that (except for delays) the remote login is transpar‐
       ent. Flow control using Control-S and Control-Q and flushing  of	 input
       and output on interrupts are handled properly.

OPTIONS
       The following options are supported:

       -8
		      Passes  eight-bit	 data across the net instead of seven-
		      bit data.

       -a
		      Forces the remote machine to ask for a password by send‐
		      ing a null local username.

       -A
		      Explicitly  enables  Kerberos  authentication and trusts
		      the .k5login file for access-control. If the  authoriza‐
		      tion check by in.rlogind(1M) on the server-side succeeds
		      and if the .k5login file permits	access,	 the  user  is
		      allowed to login without supplying a password.

       -ec
		      Specifies	 a different escape character, c, for the line
		      used to disconnect from the remote host.

       -E
		      Stops any character from being recognized as  an	escape
		      character.

       -f
		      Forwards	a  copy	 of  the  local	 credentials (Kerberos
		      Ticket Granting Ticket) to the remote system. This is  a
		      non-forwardable ticket granting ticket. You must forward
		      a ticket granting ticket if  you	need  to  authenticate
		      yourself	to  other  Kerberized  network services on the
		      remote host. An example is if your home directory on the
		      remote  host  is	NFS  mounted  via Kerberos V5. If your
		      local credentials are not forwarded in  this  case,  you
		      can not access your home directory. This option is mutu‐
		      ally exclusive with the -F option.

       -F
		      Forwards a forwardable copy  of  the  local  credentials
		      (Kerberos	 Ticket Granting Ticket) to the remote system.
		      The -F option provides a superset of  the	 functionality
		      offered  by  the	-f  option.  For  example, with the -f
		      option, after you connected  to  the  remote  host,  any
		      attempt	to   invoke   /usr/bin/ftp,   /usr/bin/telnet,
		      /usr/bin/rlogin, or  /usr/bin/rsh	 with  the  -f	or  -F
		      options  would  fail.  Thus, you would be unable to push
		      your single network sign on  trust  beyond  one  system.
		      This option is mutually exclusive with the -f option.

       -k realm
		      Causes  rlogin  to obtain tickets for the remote host in
		      realm instead of the remote host's realm	as  determined
		      by krb5.conf(4).

       -K
		      This option explicitly disables Kerberos authentication.
		      It can be used to override  the  autologin  variable  in
		      krb5.conf(4).

       -l username
		      Specifies	 a different username for the remote login. If
		      you do not use this option, the remote username used  is
		      the same as your local username.

       -L
		      Allows the rlogin session to be run in "litout" mode.

       -PN
       -PO
		      Explicitly  requests  the new (-PN) or old (-PO) version
		      of the Kerberos `rcmd' protocol. The new protocol avoids
		      many  security  problems prevalant in the old one and is
		      considered much more secure, but	is  not	 interoperable
		      with  older (MIT/SEAM) servers. The new protocol is used
		      by default,  unless  explicitly  specified  using	 these
		      options or by using krb5.conf(4). If Kerberos authoriza‐
		      tion fails when using the old `rcmd' protocol, there  is
		      fallback	to regular, non-kerberized rlogin. This is not
		      the case when the new, more secure  `rcmd'  protocol  is
		      used.

       -x
		      Turns  on DES encryption for all data passed through the
		      rlogin  session.	 This  reduces	 response   time   and
		      increases CPU utilization.

   Escape Sequences
       Lines  that  you	 type  which  start  with  the tilde character (~) are
       "escape sequences." The escape character can be changed	using  the  -e
       option.

       ~.
		 Disconnects  from  the remote host. This is not the same as a
		 logout, because the local host breaks the connection with  no
		 warning to the remote end.

       ~susp
		 Suspends the login session, but only if you are using a shell
		 with Job Control.  susp is your "suspend" character,  usually
		 Control-Z. See tty(1).

       ~dsusp
		 Suspends  the	input  half  of the login, but output is still
		 able to be seen (only if you are using a shell with Job  Con‐
		 trol).	 dsusp	is  your "deferred suspend" character, usually
		 Control-Y. See tty(1).

OPERANDS
       hostname
		   The remote machine on which rlogin establishes  the	remote
		   login session.

USAGE
       For  the kerberized rlogin session, each user can have a private autho‐
       rization list in a file, .k5login, in his home directory. Each line  in
       this  file should contain a Kerberos principal name of the form princi‐
       pal/instance@realm. If there is a ~/.k5login file, access is granted to
       the account if and only if the originating user is authenticated to one
       of the principals named in the ~/.k5login file.	Otherwise, the	origi‐
       nating user is granted access to the account if and only if the authen‐
       ticated principal name of the user can be mapped to the	local  account
       name  using  the authenticated-principal-name → local-user-name mapping
       rules. The .k5login file (for access control) comes into play only when
       Kerberos authentication is being done.

       For  the non-secure rlogin session, each remote machine can have a file
       named /etc/hosts.equiv containing a list of  trusted  host  names  with
       which  it  shares user names. Users with the same user name on both the
       local and remote machine can rlogin from the  machines  listed  in  the
       remote  machine's  /etc/hosts.equiv  file without supplying a password.
       Individual users camayn set up a similar private equivalence list  with
       the file .rhosts in their home directories. Each line in this file con‐
       tains two names, that is, a host name and a user name, separated	 by  a
       space.  An entry in a remote user's .rhosts file permits the user named
       username who is logged into hostname to log in to the remote machine as
       the  remote user without supplying a password. If the name of the local
       host is not found in the /etc/hosts.equiv file on the  remote  machine,
       and  the	 local	user  name  and	 host name are not found in the remote
       user's .rhosts file, then the remote machine prompts  for  a  password.
       Host names listed in the /etc/hosts.equiv and .rhosts files must be the
       official host names listed in the hosts database. Nicknames can not  be
       used in either of these files.

       For  security  reasons,	the  .rhosts  file must be owned by either the
       remote user or by root.

FILES
       /etc/passwd
			      Contains information about users' accounts.

       /usr/hosts/*
			      For hostname version of the command.

       /etc/hosts.equiv
			      List  of	trusted	 hostnames  with  shared  user
			      names.

       /etc/nologin
			      Message  displayed  to users attempting to login
			      during machine shutdown.

       $HOME/.rhosts
			      Private list of trusted hostname/username combi‐
			      nations.

       $HOME/.k5login
			      File  containing	Kerberos  principals  that are
			      allowed access.

       /etc/krb5/krb5.conf
			      Kerberos configuration file.

       /etc/hosts
			      Hosts database.

SEE ALSO
       rsh(1),	stty(1),  tty(1),   in.rlogind(1M),   hosts(4),hosts.equiv(4),
       krb5.conf(4), nologin(4), attributes(5), krb5_auth_rules(5)

DIAGNOSTICS
       The  following  message indicates that the machine is in the process of
       being shutdown and logins have been disabled:

	 NO LOGINS: System going down in N minutes

NOTES
       When a system is listed in hosts.equiv, its security must be as good as
       local  security.	 One insecure system listed in hosts.equiv can compro‐
       mise the security of the entire system.

       The Network Information Service (NIS) was formerly known as Sun	Yellow
       Pages  (YP.)  The  functionality	 of the two remains the same. Only the
       name has changed.

       This implementation can only use the TCP network service.

				 Dec 23, 2008			     RLOGIN(1)
[top]

List of man pages available for SmartOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net